Fix some mixed zone-type cases

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6478 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-07 02:21:54 +00:00
parent 5b11cc9e6e
commit 52b878cb8b
3 changed files with 22 additions and 3 deletions

View File

@ -188,7 +188,7 @@ sub validate_policy()
unless ( $clientwild || $serverwild ) { unless ( $clientwild || $serverwild ) {
if ( $zones{$server}{type} eq 'bport4' ) { if ( $zones{$server}{type} eq 'bport4' ) {
fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge" fatal_error "Invalid policy - DEST zone is a Bridge Port zone but the SOURCE zone is not associated with the same bridge"
unless $zones{$client}{bridge} eq $zones{$server}{bridge}; unless $zones{$client}{bridge} eq $zones{$server}{bridge} || single_interface( $client ) eq $zones{$server}{bridge};
} }
} }

View File

@ -979,7 +979,7 @@ sub process_rule1 ( $$$$$$$$$$$ ) {
# Check for illegal bridge port rule # Check for illegal bridge port rule
# #
if ( $zones{$destzone}->{type} eq 'bport4' ) { if ( $zones{$destzone}->{type} eq 'bport4' ) {
unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} ) { unless ( $zones{$sourcezone}{bridge} eq $zones{$destzone}{bridge} || single_interface( $sourcezone ) eq $zones{$destzone}{bridge} ) {
return 1 if $wildcard; return 1 if $wildcard;
fatal_error "Rules with a DESTINATION Bridge Port zone must have a SOURCE zone on the same bridge"; fatal_error "Rules with a DESTINATION Bridge Port zone must have a SOURCE zone on the same bridge";
} }

View File

@ -40,6 +40,7 @@ our @EXPORT = qw( NOTHING
zone_report zone_report
dump_zone_contents dump_zone_contents
haveipseczones haveipseczones
single_interface
@zones @zones
%zones %zones
@ -377,4 +378,22 @@ sub dump_zone_contents()
} }
} }
#
# If the passed zone is associated with a single interface, the name of the interface is returned. Otherwise, the funtion returns '';
#
sub single_interface( $ ) {
my $zone = $_[0];
my $zoneref = $zones{$zone};
fatal_error "Internal Error in single_zone()" unless $zoneref;
{
no warnings;
if ( %{$zoneref->{interfaces}} == 1 ) {
( keys %{$zoneref->{interfaces}} )[0];
} else {
'';
}
}
}
1; 1;